mercurial (SL6, SL7)

* A flaw was found in the way “hg serve –stdio” command in Mercurial
handled command-line options. A remote, authenticated attacker could use
this flaw to execute arbitrary code on the Mercurial server by using
specially crafted command-line options. (CVE-2017-9462)
—